<?php
// Test inputs for the comment form below; each must be rendered as literal text, never executed:
//<script>alert('You are hacked !!')</script>
//<script>window.location='http://google.com'</script>

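// Echo the submitted comment back into the page.
//
// $_POST['comment'] is untrusted. Writing it into the HTML response unencoded
// lets any markup it contains run in the visitor's browser (reflected XSS),
// so the value is HTML-encoded at the point of output.
if (isset($_POST['comment']) && is_string($_POST['comment'])) {
  // is_string() rejects array-valued input (a field submitted as comment[]),
  // which trim() cannot handle.
  $comment = trim($_POST['comment']);

  // Encode before nl2br(): the <br /> tags nl2br() inserts are then the only
  // markup in the output, and everything the user typed is shown as text.
  // ENT_QUOTES also encodes both quote characters; ENT_SUBSTITUTE replaces
  // invalid UTF-8 sequences instead of returning an empty string.
  // strip_tags() is not a substitute: it removes text instead of encoding it
  // and leaves quotes and ampersands untouched.
  echo nl2br(htmlspecialchars($comment, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
}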

?>

<form name="testData" action="" method="post">

  <textarea name="comment"></textarea>
  <input type="submit" value="Save Comment">
</form>
